Would allow a secure app or hardware for generating the derivative delegate nsub keys per team member, device, client so we could get to the point where nsecs were rarely/never copy and pasted.

It reduces exposure and sharing.

Also nsec could be stored offline (ie on paper in a safe) and therefore save from password managers being hacked etc